import admin.Menu
import grails.converters.JSON
import grails.plugin.springsecurity.SpringSecurityUtils
import org.springframework.security.access.annotation.Secured
import org.springframework.security.authentication.CredentialsExpiredException
import org.springframework.security.authentication.DisabledException
import org.springframework.security.authentication.LockedException
import org.springframework.security.core.context.SecurityContextHolder as SCH
import org.springframework.security.web.WebAttributes
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter

import javax.security.auth.login.AccountExpiredException
import javax.servlet.http.HttpServletResponse

@Secured('permitAll')
class LoginController {

    /**
     * Dependency injection for the authenticationTrustResolver.
     */
    def authenticationTrustResolver

    /**
     * Dependency injection for the springSecurityService.
     */
    def springSecurityService
    /**
     * Default action; redirects to 'defaultTargetUrl' if logged in, /login/auth otherwise.
     */

    def index (){
        if (springSecurityService.isLoggedIn()) {
            List<Menu> menuList=Menu.list()
           render(view: "/admin/major",model: [menuList:menuList])
        } else {
            redirect uri: '/login.gsp', params: params
        }
    }
    /**
     * Show the login page.
     */
    def auth (){

        def config = SpringSecurityUtils.securityConfig

        if (springSecurityService.isLoggedIn()) {
            redirect uri: config.successHandler.defaultTargetUrl
            return
        }

        String view = 'auth'
        String postUrl = "${request.contextPath}${config.apf.filterProcessesUrl}"
        render view: view, model: [postUrl            : postUrl,
                                   rememberMeParameter: config.rememberMe.parameter]
    }

    /**
     * The redirect action for Ajax requests.
     */
    def authAjax (){
        response.setHeader 'Location', SpringSecurityUtils.securityConfig.auth.ajaxLoginFormUrl
        response.sendError HttpServletResponse.SC_UNAUTHORIZED
    }

    /**
     * Show denied page.
     */
    def denied (){
        if (springSecurityService.isLoggedIn() &&
                authenticationTrustResolver.isRememberMe(SCH.context?.authentication)) {
            // have cookie but the page is guarded with IS_AUTHENTICATED_FULLY
            redirect action: 'full', params: params
        }
    }

    /**
     * Login page for users with a remember-me cookie but accessing a IS_AUTHENTICATED_FULLY page.
     */
    def full (){
        def config = SpringSecurityUtils.securityConfig
        render view: 'auth', params: params,
                model: [hasCookie: authenticationTrustResolver.isRememberMe(SCH.context?.authentication),
                        postUrl  : "${request.contextPath}${config.apf.filterProcessesUrl}"]
    }

    /**
     * Callback after a failed login. Redirects to the auth page with a warning message.
     */
    def authfail (){
        def username = session[UsernamePasswordAuthenticationFilter.SPRING_SECURITY_LAST_USERNAME_KEY]
        String msg = ''
        def exception = session[WebAttributes.AUTHENTICATION_EXCEPTION]
        if (exception) {
            if (exception instanceof AccountExpiredException) {
                msg = g.message(code: "springSecurity.errors.login.expired")
            } else if (exception instanceof CredentialsExpiredException) {
                msg = g.message(code: "springSecurity.errors.login.passwordExpired")
            } else if (exception instanceof DisabledException) {
                msg = g.message(code: "springSecurity.errors.login.disabled")
            } else if (exception instanceof LockedException) {
                msg = g.message(code: "用户被锁定")
            } else {
                msg = g.message(code: "登录失败！用户名或密码错误")
                log.info exception
            }
        }
        if (springSecurityService.isAjax(request)) {
            render([error: msg] as JSON)
        } else {
            log.debug(msg)
            flash.message = msg
            redirect action: '/', params: params
//            render (view: '/dl/login',model:[errors:msg])
        }
    }

    /**
     * The Ajax success redirect url.
     */
    def ajaxSuccess (){
        render([success: true, username: springSecurityService.authentication.name] as JSON)
    }

    /**
     * The Ajax denied redirect url.
     */
    def ajaxDenied (){
        render([success:false,errors: '您没有操作权限'] as JSON)
    }

    //params.j_username,params.j_password
    def login (){
        log.debug(params)
        def a=springSecurityService.encodePassword("admin")
        log.debug(a)

        redirect(uri: "/login_check?username=${params.username}&password=${params.password}")

    }
    def t(){
        render view: "/index/index", model: []
    }
    def utilsService



    // 当前用户的username
    def curUsername(){
        def result=[success: true,message:'']
        def user =utilsService.currentUser
        result.message= user?.username
        render result as JSON
    }


    def save(domain) {
        domain.clearErrors()
        if (!domain.save()) {
            domain.errors.each {
                log.error(it)
            }
        }
        domain
    }

}
